Uninstall Now: These Chrome Browser Extensions Are Stealing AI Chat Logs
According to cybersecurity firm Koi, Urban VPN Proxy and three other popular browser extensions with 8 million+ installs can see conversations you've had with the top chatbots in 'raw form.'
A handful of Chrome extensions have been harvesting entire conversation logs of users' interactions with the most popular AI chatbots.
As reported by cybersecurity firm Koi, these extensions primarily offer free proxies and VPNs, but appear to be doing far more than that behind the scenes. Any time a user visits a chatbot site, a custom script executes, recording and transmitting the entire conversation. The worst part is that these extensions are used by millions.
Most chatbot users understand that the companies behind them are probably able to view the conversations, even if they've been anonymized. However, few may have considered the third-party services that scoop up that data for analytics and other purposes.
Koi co-founder and CTO Idan Dardikman wondered about it after having a particularly vulnerable discussion with a chatbot. The company asked Wings, its agentic-AI risk engine, to scan for browser extensions that could read and exfiltrate conversations from AI chat platforms.
"We expected to find a handful of obscure extensions—low install counts, sketchy publishers, the usual suspects," Dardikman says. "The results came back with something else entirely."
One extension stood out: Urban VPN Proxy. It had more than 7 million installs across the Chrome and Edge stores, and targeted conversations across 10 AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.
Urban VPN Proxy on the Microsoft Edge Add-ons store (Credit: Microsoft)
"For each platform, the extension includes a dedicated 'executor' script designed to intercept and capture conversations," Dardikman says. "The harvesting is enabled by default through hardcoded flags in the extension's configuration. There is no user-facing toggle to disable this. The only way to stop the data collection is to uninstall the extension entirely."
Koi points out that the developer of Urban VPN Proxy discloses the AI chat harvesting in its privacy policy, but that's not something many users are likely to read. The Chrome Web Store description, meanwhile, said, "This developer declares that your data is not being sold to third parties, outside of the approved use cases."
"Use cases" links to Chrome Web Store policies, which say "Collection and use of web browsing activity is prohibited, except to the extent required for a user-facing feature described prominently in the Product's Chrome Web Store page and in the Product's user interface."
Koi also flagged 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. These extensions had far fewer installs, but 1ClickVPN Proxy still topped 600,000, and in total, across both web stores, they have more than 8 million users.
All of the extensions have since been removed from the Chrome Web Store, but remain on the Edge Store, where 1ClickVPN Proxy is listed as "Featured," which is used to highlight "extensions that meet a high bar of quality, security, and user experience." When it was live on the Chrome Web Store, Urban VPN Proxy also had a Featured badge, Koi notes.
"This means a human at Google reviewed Urban VPN Proxy and concluded it met their standards," Dardikman says. "Either the review didn't examine the code that harvests conversations from Google's own AI product (Gemini), or it did and didn't consider this a problem."
Koi recommends that anyone who has these extensions installed should uninstall them immediately. "Assume any AI conversations you've had since July 2025 have been captured and shared with third parties," it adds.
You are not authorised to post comments.